Skip to main content

Segregation of Duties

Description

The segregation of duties (SoD) is a fundamental element of internal controls, defined to prevent error and fraud. Segregation of duties ensure that at least two individuals are responsible for the separate parts of any task.

For each user, the roles tab displays the list of roles assigned to the user and the possible risks. If you click on a role record, Soffid will show the entitlement details including the SoD rules with the detail of the risk. 

Screen overview

image.png

image.png

  • Users : where you can check if a granted role has a comment related to the SoD.

    • Standard attributes

    SoD table

    • Qualified name: asset or application, from a functional point of view, on which the permissions are granted or revoked.
    • Name: name of the segregation of duties.

    SoD detail

    • Name: name of the segregation separation of dutiesduties.
    • Information Systemsystem: asset or application, from a functional point of view, on which the permissions are granted or revoked.
    • Type: type of segregationsegregation. 
      • Trigger on all permissions: no user can be assigned the roles added to the role list.
      • Trigger on some permissions: if you select that option, you have to fill in the number of roles that can not match. Soffid will not allow you to assign to a user more than the number indicated of the roles added to the role list.
      • Query permissions matrix: Soffid displays a matrix that allows you to select the risk between pairs of roles, those roles are the roles added to the role list.
    • Risk: level of risk:
      • Low.: allows the user to have all roles, but a small warning is displayed on the user screen when viewing the role details.
      • High.: allows the user to have all roles, but a big warning is displayed on the user screen when viewing the role details.
      • Forbidden:  it is not allowed that one user to have assigned the roles defined on the role list.
      • None: there is no risk.
    • Role List: list of roles to keep in mind on the segregation of duties.
      • Name: name of the role
      • Description: description of the role
      • System: target system owner of the role

    Actions

    Segregation

    SoD of Duties query actions

    table

    Query"Query"

    Allows you to query Segregation of Duties through different search systems, Basic and Advanced.

    Add new

    Allows you to add a new Segregationsegregation of Dutiesduties in the system. You can choose that option on the hamburger menu or click the add button (+).

    To add a new Segregationsegregation of Dutiesduties it will be mandatory to fill in the required fields

    Delete segregation of duties

    Allows you to remove one or more Segregationsegregation of Dutiesduties by selecting one or more records and next clicking thethis button with the subtraction symbol (-).button.

    To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.

    Download CSV file

    Allows you to download a CSV file with the basic Segregationsegregation of Dutiesduties data.

    Import

    Allows you to import a CSV file with the list of segrefation of duties to be created or updated.

    Segregation

    SoD of Duties detailed actions

    detail

    Apply changes

    Allows you to save the data of a new role or to update the datasegregation of a specific role.duties. To save the data it will be mandatory to fill in the required fields

    Delete segregation of duties

    Allows you to delete athe Segregationsegregation of Duties. You can choose that option on the trash icon.

    To perform that action,duties. Soffid will ask you for confirmation, you could confirm or cancel the operation.

    Undo

    Allows you to quit without applying any changes.
    Add new (role list) Allows you to add a new role to the Rolerole list. You can add a role by clicking the add button (+), then Soffid will show a form to search and select one or more roles. Finally, you need to click the apply changes button and the roles will be added to the role list.
    Delete (role list)

    Allows you to delete one or more roles from the role list. You can select one or more roles and then click thethis button with the subtraction symbol (-).button. The roles will be deleted from the role list without Soffid asking for confirmation.
    Preview changes

    Allows you to quickly see which users are affected by this role segregation rule.

    Back to top